ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email News Digest

v1.0.0

Summarize recent emails, generate a thematic image, and send a formatted HTML email report with the summary and image. Use for daily news digests, project updates, or any email-based reporting that needs visual enhancement and rich formatting.

0· 1.5k·4 current·4 all-time
by@matthewxfz3

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for matthewxfz3/email-news-digest.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Email News Digest" (matthewxfz3/email-news-digest) from ClawHub.
Skill page: https://clawhub.ai/matthewxfz3/email-news-digest
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install email-news-digest

ClawHub CLI

Package manager switcher

npx clawhub@latest install email-news-digest
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to fetch emails and send HTML messages with an attached generated image. Those capabilities normally require access to a Gmail account (OAuth tokens or SMTP credentials) and an image-generation API/key. Yet the skill declares no required environment variables, no primary credential, and no config paths. That discrepancy suggests either the skill expects external tooling (e.g., a preconfigured 'gog' CLI or another skill) to supply credentials or the metadata is incomplete.
!
Instruction Scope
SKILL.md instructs running scripts that will 'fetch the most recent email matching your query', assemble HTML, call another skill ('nano-banana-pro') to generate an image, and call 'gog gmail send' to dispatch mail. Those runtime actions may read local files, access credential stores, or make network calls. The README does not document what local configuration is required, where credentials are read from, or any safeguards around recipient lists or sensitive content. Because actual scripts are present (not just prose), you must inspect them before running.
Install Mechanism
No install spec is present (instruction-only plus two scripts). That minimizes automatic installation risk—nothing will be downloaded or installed automatically by the skill registry. However, the included scripts will run when invoked, so risk remains at execution time rather than installation time.
!
Credentials
The skill requests no env vars but clearly needs access to email-sending and email-reading capabilities as well as an image-generation skill. Absence of declared credentials (OAuth tokens, SMTP credentials, API keys) is a red flag: either the metadata is incomplete or the scripts rely on other preconfigured CLI tools/config files to obtain credentials. That increases the chance of unexpected credential usage or misconfiguration.
Persistence & Privilege
The skill does not set always:true and does not declare model invocation privileges. It therefore does not request permanent or always-on presence via the registry metadata. Risk is limited to when a user explicitly runs the provided script.
What to consider before installing
Before installing or running this skill: (1) Inspect the two scripts (scripts/process_and_send.sh and scripts/summarize_content.py) line-by-line to see exactly what commands are executed, what files or env vars are read, and what network endpoints are contacted. (2) Confirm how you will provide Gmail access and image-generation credentials—do not run the script until you understand where OAuth tokens or API keys must live and whether they will be transmitted anywhere. (3) Verify the 'gog' CLI and 'nano-banana-pro' skill are trusted and configured in a minimal-privilege way. (4) Run the script in a safe environment (isolated container or throwaway account) with test recipients to confirm behavior. (5) Look for any hardcoded endpoints, unusual curl/wget commands, or any steps that read ~/ (home) or environment variables like *TOKEN/KEY/PASSWORD; if present, treat as high risk. If you want, provide the contents of scripts/process_and_send.sh and scripts/summarize_content.py and I can analyze them line-by-line and update this assessment.

Like a lobster shell, security has layers — review code before you run it.

latestvk974vekyq50bfhwmevtn2a1xr180ncy7
1.5kdownloads
0stars
1versions
Updated 12h ago
v1.0.0
MIT-0
@matthewxfz3
latest
Download

Email News Digest

This skill automates the process of creating an AI-powered news digest from your recent emails, generating a relevant image, and sending a formatted HTML report.

Usage

To use this skill, run the process_and_send.sh script with the required parameters:

skills/email-news-digest/scripts/process_and_send.sh \
    --recipients "matthewxfz@gmail.com,salonigoel.ssc@gmail.com" \
    --email-query "newer_than:2d subject:news" \
    --image-prompt "A sharp, modern western style image representing AI growth, fierce competition, and diverse applications."

Parameters

  • --recipients: Comma-separated list of email addresses to send the digest to.
  • --email-query: Gmail search query to filter recent emails (e.g., "newer_than:2d subject:AI"). See email-filters.md for more examples.
  • --image-prompt: A descriptive prompt for the AI image generation.

How it Works

  1. Email Retrieval: Fetches the most recent email matching your query.
  2. Content Summarization: Extracts content and generates a structured summary (TL;DR, main title, and sections) using an internal Python script. (Note: The summarization script currently uses a placeholder summary; future enhancements will integrate a full LLM for dynamic summarization.)
  3. Image Generation: Creates a thematic image using the nano-banana-pro skill based on your image-prompt.
  4. HTML Report Assembly: Constructs a dynamic HTML email body using a template, incorporating the summary and a reference to the generated image.
  5. Email Dispatch: Sends the formatted HTML email with the image as an attachment using gog gmail send, employing a robust Base64 encoding/decoding method to handle complex HTML content safely.

Summarization Standards

To ensure high-quality output, the summarization process within this skill adheres to the following standards:

  • Key Insights & Trends: Prioritize extracting major announcements, significant developments, and overarching trends rather than mere factual recitations.
  • Conciseness: The TL;DR should be 3-4 sentences, providing a quick overview. Detailed sections should elaborate succinctly.
  • Accuracy & Fidelity: Summaries must faithfully represent the original content without introducing new information or distorting facts.
  • Clarity & Professionalism: Use clear, straightforward, and professional language. Avoid jargon where simpler terms suffice.
  • Bias Neutrality: Summaries should be objective, presenting information as-is without injecting personal opinions or biases.

Implementation Standards (Summarization Component)

  • Modularity: The summarization logic resides in scripts/summarize_content.py to ensure it's self-contained and easily upgradable.
  • Input/Output: The script should accept raw email content (or extracted text) as input and output a structured JSON object containing the TL;DR, main title, and markdown-formatted sections.
  • Future LLM Integration: The current Python script uses a placeholder. Future development will focus on integrating a robust Large Language Model (LLM) API (e.g., Gemini) to perform dynamic, context-aware summarization based on these standards.

References

Comments

Loading comments...